Forget Bill Gates, watch for computer viruses

Posted: Saturday, April 08, 2000

ERIC SPELLMANN

PLUGGED IN

With all the talk about the government's battle with Microsoft and the stock market fluctuations, it's easy to forget some very basic rules you must follow to take care of your computer investment. For instance...

You're working on your computer one night, when all of a sudden a picture of the "Cookie Monster" appears on your monitor. Text below reads, "Feed me a cookie." You don't know what to do so you just hit the key and he disappears. Ten minutes later, he reappears, once again asking for that cookie. "What is going on?" you ask. You hit again, but every ten minutes you are interrupted with the blue, furry guy asking for sweets.

Here's what you don't know: Your computer is infected with the "Cookie Monster" virus. If you don't type in "Happy Birthday Yoshi" (and how would you know to do that?) whenever he asks for a cookie, the virus goes out, randomly selects one file on your hard drive, and deletes it! In other words, every ten minutes, this virus plays Russian roulette with your computer files. By the way, "Yoshi" is the codename of the Israeli teenager that wrote the virus.

So, what is a virus, and how did you get one? Let's start with the basics. A virus is a program. It is not a mistake or accident. You cannot "hit the wrong key" and cause a virus. They don't just come out of nowhere. Viruses are not alive. They are programs created by people to "do something" (many times, malicious) to your computer. Viruses are not the same things as "computer bugs." Computer bugs ARE unintentional mistakes made by programmers when developing software. Viruses are VERY intentional.

No one in their right mind would ever double-click on a virus. So, how do viruses get around? Well, many viruses attach themselves to "good" programs. Whenever you double-click on the "good" program, the virus also executes or "runs." For instance, if a virus infected Microsoft Word, every time you ran Microsoft Word, the virus would come out and do its mischief.

Trojan Horses

Much like their name implies, trojan horse viruses are simply "programs that claim to do one thing when, in fact, they do something else." As an example, let's say that I gave you a diskette to take home. I told you that the diskette contained a program called, "MakeMoneyFast.exe" and that by clicking on it, you would be well on your way to prosperity and happiness!

Sounds great, right? Well, you get home, insert the diskette, and double-click on the "program." It immediately begins to erase your hard drive.

Trojan horses don't replicate. They don't spread like file infectors. They are single-use "mail bomb" types of programs. Typically, they are created by a "soon-to-be-fired disgruntled employee." Many times, this angry worker will set the "bomb" to explode long after he's gone, maybe even months later! An unsuspecting employer wakes up one morning to discover his corporate information has disappeared!

Stealth Viruses

Imagine a virus that can hide from "anti-virus software." In the old days, anti-virus software only checked hard drives for viruses. A stealth virus could "sense" that anti-virus software was coming. It would then move itself from the hard drive and hide in RAM until the anti-virus program left. Then, it would redeposit itself back onto the hard drive. Pretty sneaky!

Today's anti-virus software can find stealth viruses by checking RAM at the same time as it checks the hard drive. Because of that, you don't see that many stealth viruses "in the wild" anymore.

Worms

Chances are, you will never see a computer "worm." Worms primarily live on the Internet. They go after "servers." If you remember from earlier columns, a server is a computer that is on the Internet 24 hours/day, 7 days/week. Your computer is not a server; therefore, you are not at risk of being "bitten" by a worm. When a worm finds a server, it will probe its defenses, looking for security holes. If it finds one, the worm wriggles its way in and begins to replicate like mad.

After a while, the millions of replicating worms eventually overload the server, causing it to crash. Worm attacks are rare, but they do occur. The largest worm attack occurred in the late 1980's. Dubbed "The Internet Worm," this program affected nearly one third of the servers on the Internet! (Not that big a deal if you consider that only colleges and NASA used the Net during that time...) However, it did make the newspapers.

Network administrators scurried to make sure that their servers were protected.

Well, I'm quickly running out of room. Next week, I'll discuss the most insidious of viruses: the polymorphic virus. I'll also discuss how anti-virus software works and how to choose a good one. Until then,